Overview

Dataset info

Number of variables: 169
Number of observations: 88
Missing cells: 10026 (67.4%)
Duplicate rows: 0 (0.0%)
Total size in memory: 116.3 KiB
Average record size in memory: 1.3 KiB

Variable types

Numeric: 1
Categorical: 70
Boolean: 3
Date: 0
URL: 2
Text (Unique): 0
Rejected: 92
Unsupported: 0

Warnings

action_status has 78 (88.6%) missing values Missing
Address has constant value "nan" Rejected
Alberta_Health_Risk_Assessment has constant value "Unknown" Rejected
Alerts has 14 (15.9%) missing values Missing
Assessed_Liability has constant value "0" Rejected
Attachment_SHA has 85 (96.6%) missing values Missing
BU_Code_Legacy has constant value "nan" Rejected
BU_Status has constant value "nan" Rejected
Category has 42 (47.7%) missing values Missing
City has constant value "nan" Rejected
Click_Time has 45 (51.1%) missing values Missing
computer_last_detection_time has constant value "nan" Rejected
computer_name has 78 (88.6%) missing values Missing
computer_number_of_infections has 78 (88.6%) missing values Missing
Condemnation_Time has 42 (47.7%) missing values Missing
Condition_ID has constant value "nan" Rejected
Country/Region has 86 (97.7%) missing values Missing
Data_Compromised has constant value "Unknown" Rejected
Data_Encrypted has constant value "Unknown" Rejected
Data_Format has constant value "nan" Rejected
Date_Closed has a high cardinality: 80 distinct values Warning
Date_Created has a high cardinality: 73 distinct values Warning
Date_Determined has a high cardinality: 73 distinct values Warning
Date_Discovered is a recoding of Date_Determined Rejected
Date_Occurred has a high cardinality: 76 distinct values Warning
Delivery_Time has 82 (93.2%) missing values Missing
Dell_Secureworks_Alert_Source has 84 (95.5%) missing values Missing
Dell_Secureworks_Category has 84 (95.5%) missing values Missing
Dell_Secureworks_Category_Class has 84 (95.5%) missing values Missing
Dell_Secureworks_Classification has 84 (95.5%) missing values Missing
Dell_Secureworks_Close_Action has constant value "nan" Rejected
Dell_Secureworks_Close_Code has constant value "nan" Rejected
Dell_Secureworks_Description has 84 (95.5%) missing values Missing
Dell_Secureworks_Event_Source has 84 (95.5%) missing values Missing
Dell_Secureworks_Priority has 84 (95.5%) missing values Missing
Dell_Secureworks_Sensor_Name has 87 (98.9%) missing values Missing
Dell_Secureworks_Subject has 82 (93.2%) missing values Missing
Dell_Secureworks_Ticket# has 83 (94.3%) missing values Missing
Dell_Secureworks_Ticket_Type has 84 (95.5%) missing values Missing
Department has constant value "nan" Rejected
Description has a high cardinality: 61 distinct values Warning
Destination_IP has constant value "nan" Rejected
Destination_Port has constant value "nan" Rejected
detection_interval has constant value "nan" Rejected
detection_time has 78 (88.6%) missing values Missing
Directionality has 25 (28.4%) missing values Missing
domain has 78 (88.6%) missing values Missing
Employee has constant value "nan" Rejected
Employee_Involved has constant value "Unknown" Rejected
Employee_Involvement has constant value "Unknown" Rejected
Esclated_To_BU_IT has constant value "nan" Rejected
Exposure_Resolved has constant value "Unknown" Rejected
Exposure_Type has constant value "Unknown" Rejected
file_path has constant value "nan" Rejected
GDPR_Breach_Circumstances has constant value "nan" Rejected
GDPR_Breach_Type has constant value "nan" Rejected
GDPR_Breach_Type_Comment has constant value "nan" Rejected
GDPR_Consequences has constant value "nan" Rejected
GDPR_Consequences_Comment has constant value "nan" Rejected
GDPR_Final_Assessment has constant value "nan" Rejected
GDPR_Final_Assessment_Comment has constant value "nan" Rejected
GDPR_Identification has constant value "nan" Rejected
GDPR_Identification_Comment has constant value "nan" Rejected
GDPR_Personal_Data has constant value "nan" Rejected
GDPR_Personal_Data_Comment has constant value "nan" Rejected
GDPR_Subsequent_Notification has constant value "Unknown" Rejected
Guest_Network_Involvement has constant value "No" Rejected
Harm_Foreseeable has constant value "Unknown" Rejected
Header_From has 42 (47.7%) missing values Missing
Header_Reply_To has 42 (47.7%) missing values Missing
Host_Involved has constant value "nan" Rejected
Host_Name has constant value "nan" Rejected
Hours_worked has constant value "nan" Rejected
HX_Agent_ID has constant value "nan" Rejected
HX_Hostname has constant value "nan" Rejected
HX_IP has constant value "nan" Rejected
HX_UUID has constant value "nan" Rejected
HXname has constant value "nan" Rejected
Impact_Likely has constant value "Unknown" Rejected
Impacted_System has constant value "nan" Rejected
Incident_Type has 5 (5.7%) missing values Missing
Individual_Name has constant value "nan" Rejected
Is_vulnerable? has constant value "Unknown" Rejected
Item_Number has constant value "nan" Rejected
Joe_Sandbox_Result has constant value "nan" Rejected
Jurisdiction has constant value "nan" Rejected
last_detection_time has 78 (88.6%) missing values Missing
Last_Modified has a high cardinality: 80 distinct values Warning
Lawful_Data_Processing_Categories has constant value "nan" Rejected
Location has constant value "nan" Rejected
Machine_Compromised has 25 (28.4%) missing values Missing
malware_file_path has 80 (90.9%) missing values Missing
malware_name has 78 (88.6%) missing values Missing
Members has constant value "nan" Rejected
Message_ID has 82 (93.2%) missing values Missing
Message_Size has 85 (96.6%) missing values Missing
Morphick_Ticket# has 86 (97.7%) missing values Missing
Morphick_Update has constant value "nan" Rejected
Name has a high cardinality: 52 distinct values Warning
Negative_PR has constant value "Unknown" Rejected
Next_Due_Date has constant value "nan" Rejected
NIST_Attack_Vectors has constant value "nan" Rejected
number_of_infections has 78 (88.6%) missing values Missing
Organization has constant value "GAIG" Rejected
Other_Alert_Source has constant value "nan" Rejected
other_path has constant value "nan" Rejected
Outbound_Threat_Type has 25 (28.4%) missing values Missing
Personal_Email has constant value "No" Rejected
PIPEDA_Other_Factors has constant value "nan" Rejected
PIPEDA_Other_Factors_Comment has constant value "nan" Rejected
PIPEDA_Overall_Assessment has constant value "nan" Rejected
PIPEDA_Overall_Assessment_Comment has constant value "nan" Rejected
PIPEDA_Probability_of_Misuse has constant value "nan" Rejected
PIPEDA_Probability_of_Misuse_Comment has constant value "nan" Rejected
PIPEDA_Sensitivity_of_PI has constant value "nan" Rejected
PIPEDA_Sensitivity_of_PI_Comment has constant value "nan" Rejected
Protocol has constant value "nan" Rejected
Recipient has 38 (43.2%) missing values Missing
ref_number has 86 (97.7%) missing values Missing
remediation_action has 78 (88.6%) missing values Missing
Remidiation_Source has constant value "nan" Rejected
Reporting_Individual has 18 (20.5%) missing values Missing
Resolution_Summary has a high cardinality: 67 distinct values Warning
Risk_of_Harm has constant value "nan" Rejected
Sender has 42 (47.7%) missing values Missing
Sender_IP has 42 (47.7%) missing values Missing
Sensor_Name has constant value "nan" Rejected
Service_Now_Ticket# has constant value "nan" Rejected
Simulation has constant value "No" Rejected
Source_IP has 45 (51.1%) missing values Missing
Source_of_Data has constant value "nan" Rejected
Source_Port has constant value "nan" Rejected
State has constant value "nan" Rejected
Status has constant value "Closed" Rejected
Subject has 42 (47.7%) missing values Missing
Threat_Type has constant value "nan" Rejected
Time_Spent_in_BU_IT has constant value "nan" Rejected
Timestamp has constant value "nan" Rejected
triage_status has constant value "nan" Rejected
URL has 45 (51.1%) missing values Missing
URL_Blocked has constant value "nan" Rejected
url_path has 86 (97.7%) missing values Missing
User_Agent has 45 (51.1%) missing values Missing
varonis_additional_data has constant value "nan" Rejected
varonis_desc has 85 (96.6%) missing values Missing
varonis_from has 85 (96.6%) missing values Missing
varonis_id has 85 (96.6%) missing values Missing
varonis_what has 85 (96.6%) missing values Missing
varonis_when has 85 (96.6%) missing values Missing
varonis_where has 85 (96.6%) missing values Missing
varonis_who has 85 (96.6%) missing values Missing
Vendor has constant value "nan" Rejected
Workspace has constant value "Default workspace" Rejected
xmatters_requestId has 87 (98.9%) missing values Missing
Zip has constant value "nan" Rejected

Variables

action_status
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 88.6%
Missing (n): 78

Value      Count  Frequency (%)
Succeeded     10  11.4%
(Missing)     78  88.6%

Max length: 9
Mean length: 3.681818182
Min length: 3
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: False

Address
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Alberta_Health_Risk_Assessment
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Alert_Source
Categorical

Distinct count: 10
Unique (%): 11.4%
Missing (%): 0.0%
Missing (n): 0

Value        Count  Frequency (%)
Proofpoint      46  52.3%
Preempt         13  14.8%
SCEP            10  11.4%
SecureWorks      6  6.8%
PhishMe          4  4.5%
Varonis          3  3.4%
Morphick         2  2.3%
Email            2  2.3%
Other            1  1.1%
FireEye HX       1  1.1%

Max length: 11
Mean length: 8.488636364
Min length: 4
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

Alerts
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 15.9%
Missing (n): 14

Value      Count  Frequency (%)
1             73  83.0%
3              1  1.1%
(Missing)     14  15.9%

Max length: 3
Mean length: 3
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: True

Assessed_Liability
Constant

This variable is constant and should be ignored for analysis

Constant value: 0

Attachment_SHA
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 96.6%
Missing (n): 85

Value                                                             Count  Frequency (%)
872f0e65ce695f48b67ce59766b026149e66a81ce468d642f04e0b176bb0f306      1  1.1%
19eaad73d300033d4fc2264f5292bdecf6e8426647cea8f713df48b5e4a3187c      1  1.1%
2fdf753ce8eacb52ddfbfb2971c3a928ac66be5693ed066b406a6a85098db7b6      1  1.1%
(Missing)                                                            85  96.6%

Max length: 64
Mean length: 5.079545455
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: False

BU_Code
Categorical

Distinct count: 25
Unique (%): 28.4%
Missing (%): 0.0%
Missing (n): 0

Value              Count  Frequency (%)
BG0033                15  17.0%
BG0008                12  13.6%
BG0057                11  12.5%
BG0060                10  11.4%
BG0020                 4  4.5%
BG0MEX                 4  4.5%
BG0051                 4  4.5%
LG0003                 4  4.5%
BG0002                 3  3.4%
BG0029                 3  3.4%
Other values (15)     18  20.5%

Max length: 6
Mean length: 6
Min length: 6
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: False

BU_Code_Legacy
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

BU_Status
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Business_Unit
Categorical

Distinct count: 25
Unique (%): 28.4%
Missing (%): 0.0%
Missing (n): 0

Value                                    Count  Frequency (%)
Strategic Comp                              15  17.0%
Crop Division                               12  13.6%
National Interstate Ins                     11  12.5%
AFG Enterprise IT Securit                   10  11.4%
Summit                                       4  4.5%
IT Services                                  4  4.5%
Annuity Information Tech                     4  4.5%
El Ag Specialty (Division Danos Mexico)      4  4.5%
Mid-Continent Group                          3  3.4%
Bond Division                                3  3.4%
Other values (15)                           18  20.5%

Max length: 39
Mean length: 18.54545455
Min length: 4
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

Categorization
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 0.0%
Missing (n): 0

Value          Count  Frequency (%)
Investigative     65  73.9%
Event             23  26.1%

Max length: 13
Mean length: 10.90909091
Min length: 5
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: False

Category
Categorical

Distinct count: 5
Unique (%): 5.7%
Missing (%): 47.7%
Missing (n): 42

Value      Count  Frequency (%)
phish         39  44.3%
malware        4  4.5%
Malware        2  2.3%
Phishing       1  1.1%
(Missing)     42  47.7%

Max length: 9
Mean length: 4.738636364
Min length: 3
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

City
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Click_Time
Categorical

Distinct count: 38
Unique (%): 43.2%
Missing (%): 51.1%
Missing (n): 45

Value              Count  Frequency (%)
9/17/2019 13:55        2  2.3%
9/17/2019 13:53        2  2.3%
9/17/2019 12:05        2  2.3%
9/19/2019 14:19        2  2.3%
9/9/2019 14:40         2  2.3%
8/29/2019 20:17        2  2.3%
9/17/2019 12:06        1  1.1%
8/23/2019 19:46        1  1.1%
9/6/2019 13:10         1  1.1%
9/12/2019 17:07        1  1.1%
Other values (27)     27  30.7%
(Missing)             45  51.1%

Max length: 15
Mean length: 8.806818182
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

computer_last_detection_time
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

computer_name
Categorical

Distinct count: 8
Unique (%): 9.1%
Missing (%): 88.6%
Missing (n): 78

Value                          Count  Frequency (%)
SCICITRIXF.ga.afginc.com           3  3.4%
cvgwpvrns11.aag.GFRINC.NET         2  2.3%
D-5R4XH02.gamcustom.local          1  1.1%
FLMXL6260NM.summit.local           1  1.1%
V-SCI-FS1.ga.afginc.com            1  1.1%
ELD-0253020-AJD.ga.afginc.com      1  1.1%
GFR-CVG-0104281.ga.afginc.com      1  1.1%
(Missing)                         78  88.6%

Max length: 29
Mean length: 5.545454545
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: True

computer_number_of_infections
Boolean

Distinct count: 2
Unique (%): 2.3%
Missing (%): 88.6%
Missing (n): 78

Value      Count  Frequency (%)
1             10  11.4%
(Missing)     78  88.6%

Condemnation_Time
Categorical

Distinct count: 24
Unique (%): 27.3%
Missing (%): 47.7%
Missing (n): 42

Value              Count  Frequency (%)
9/17/2019 13:57        9  10.2%
8/31/2019 6:20         3  3.4%
9/11/2019 1:38         3  3.4%
9/13/2019 14:22        3  3.4%
9/17/2019 13:32        3  3.4%
9/25/2019 18:31        3  3.4%
9/20/2019 15:52        2  2.3%
9/19/2019 15:01        2  2.3%
9/25/2019 17:59        2  2.3%
9/19/2019 15:09        2  2.3%
Other values (13)     14  15.9%
(Missing)             42  47.7%

Max length: 15
Mean length: 9.125
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Condition_ID
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Country/Region
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 97.7%
Missing (n): 86

Value          Count  Frequency (%)
United States      2  2.3%
(Missing)         86  97.7%

Max length: 13
Mean length: 3.227272727
Min length: 3
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

Created_By
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 0.0%
Missing (n): 0

Value                                                Count  Frequency (%)
Resilient Admin (resilient_automation@gaig.com)         84  95.5%
Resilient-Email Connector (irhubacct@rsystems.com)       2  2.3%
Nik Whitis (nwhitis@gaig.com)                            1  1.1%
Gene Kazimiarovich (gkazimiarovich@gaig.com)             1  1.1%

Max length: 50
Mean length: 46.82954545
Min length: 29
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

Criminal_Activity
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 0.0%
Missing (n): 0

Value    Count  Frequency (%)
No          86  97.7%
Unknown      2  2.3%

Max length: 7
Mean length: 2.113636364
Min length: 2
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: False

Data_Compromised
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Data_Encrypted
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Data_Format
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Date_Closed
Categorical

Distinct count: 80
Unique (%): 90.9%
Missing (%): 0.0%
Missing (n): 0

Value              Count  Frequency (%)
9/26/2019 11:04        3  3.4%
9/3/2019 8:16          2  2.3%
9/26/2019 11:09        2  2.3%
9/20/2019 12:10        2  2.3%
9/25/2019 14:54        2  2.3%
9/17/2019 11:09        2  2.3%
9/17/2019 11:08        2  2.3%
9/19/2019 15:13        1  1.1%
9/6/2019 14:45         1  1.1%
9/23/2019 14:05        1  1.1%
Other values (70)     70  79.5%

Max length: 15
Mean length: 14.5
Min length: 13
Contains chars: False
Contains digits: True
Contains spaces: True
Contains non-words: True

Date_Created
Categorical

Distinct count: 73
Unique (%): 83.0%
Missing (%): 0.0%
Missing (n): 0

Value              Count  Frequency (%)
9/17/2019 10:04        3  3.4%
9/17/2019 9:59         3  3.4%
9/17/2019 10:05        3  3.4%
9/3/2019 20:47         2  2.3%
9/19/2019 11:05        2  2.3%
9/13/2019 10:23        2  2.3%
9/4/2019 9:54          2  2.3%
9/10/2019 21:39        2  2.3%
9/20/2019 11:52        2  2.3%
9/25/2019 14:01        2  2.3%
Other values (63)     65  73.9%

Max length: 15
Mean length: 14.56818182
Min length: 13
Contains chars: False
Contains digits: True
Contains spaces: True
Contains non-words: True

Date_Determined
Categorical

Distinct count: 73
Unique (%): 83.0%
Missing (%): 0.0%
Missing (n): 0

Value              Count  Frequency (%)
9/17/2019 10:04        3  3.4%
9/17/2019 10:05        3  3.4%
9/17/2019 9:59         3  3.4%
8/31/2019 2:23         2  2.3%
9/4/2019 9:54          2  2.3%
9/10/2019 21:39        2  2.3%
9/20/2019 11:52        2  2.3%
9/13/2019 10:23        2  2.3%
9/3/2019 20:47         2  2.3%
9/19/2019 11:05        2  2.3%
Other values (63)     65  73.9%

Max length: 15
Mean length: 14.56818182
Min length: 13
Contains chars: False
Contains digits: True
Contains spaces: True
Contains non-words: True

Date_Discovered
Recoded

This variable is a recoding of Date_Determined and should be ignored for analysis

Date_Occurred
Categorical

Distinct count: 76
Unique (%): 86.4%
Missing (%): 0.0%
Missing (n): 0

Value              Count  Frequency (%)
9/17/2019 10:04        3  3.4%
9/17/2019 9:59         3  3.4%
9/3/2019 20:47         2  2.3%
9/4/2019 9:54          2  2.3%
9/13/2019 10:23        2  2.3%
9/19/2019 11:05        2  2.3%
9/20/2019 11:52        2  2.3%
8/31/2019 2:23         2  2.3%
9/17/2019 10:05        2  2.3%
9/17/2019 10:00        2  2.3%
Other values (66)     66  75.0%

Max length: 15
Mean length: 14.55681818
Min length: 13
Contains chars: False
Contains digits: True
Contains spaces: True
Contains non-words: True

Delivery_Time
Categorical

Distinct count: 7
Unique (%): 8.0%
Missing (%): 93.2%
Missing (n): 82

Value            Count  Frequency (%)
9/9/2019 14:39       1  1.1%
9/9/2019 12:24       1  1.1%
9/7/2019 4:33        1  1.1%
9/19/2019 14:19      1  1.1%
9/19/2019 14:56      1  1.1%
9/23/2019 21:05      1  1.1%
(Missing)           82  93.2%

Max length: 15
Mean length: 3.772727273
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Dell_Secureworks_Alert_Source
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 95.5%
Missing (n): 84

Value      Count  Frequency (%)
-              2  2.3%
IDS            2  2.3%
(Missing)     84  95.5%

Max length: 3
Mean length: 2.954545455
Min length: 1
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: True

Dell_Secureworks_Category
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 95.5%
Missing (n): 84

Value                Count  Frequency (%)
-                        3  3.4%
Command and Control      1  1.1%
(Missing)               84  95.5%

Max length: 19
Mean length: 3.113636364
Min length: 1
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

Dell_Secureworks_Category_Class
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 95.5%
Missing (n): 84

Value      Count  Frequency (%)
-              2  2.3%
Health         1  1.1%
Security       1  1.1%
(Missing)     84  95.5%

Max length: 8
Mean length: 3.045454545
Min length: 1
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: True

Dell_Secureworks_Classification
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 95.5%
Missing (n): 84

Value          Count  Frequency (%)
-                  3  3.4%
Opportunistic      1  1.1%
(Missing)         84  95.5%

Max length: 13
Mean length: 3.045454545
Min length: 1
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: True

Dell_Secureworks_Close_Action
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Dell_Secureworks_Close_Code
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Dell_Secureworks_Description
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 95.5%
Missing (n): 84

Value  Count  Frequency (%)
-  2  2.3%
========================= Incident Overview ========================= We are seeing your 10.50.24.46/ddcidp8350.td.afg device generating 'Sourcefire Malware Event: W32.043030FA17-100.SBX.TG - INV39008.zip' alerts for traffic from 10.33.228.105/10.33.228.105 to 104.27.140.247 indicating that 10.33.228.105/10.33.228.105 has generated traffic matching an indicator residing on the Sourcefire malware cloud. The host at 10.33.228.105/10.33.228.105 may have been infected by File: inv39008.zip that was classified by Sourcefire as W32.043030FA17-100.SBX.TG. We are escalating this incident to you via a high priority ticket and phone call per our default event handling procedures. If you would like us to handle these incidents differently in the future (see below for handling options), or if you have any further questions or concerns, please let us know either by corresponding to us via this ticket and delegating the ticket back to the SOC, or by calling us at 877-838-7960. 1) Ticket only escalation for related events (medium priority ticket and an e-mail only notification). 2) Autoresolve events to the Portal (no explicit notification but events will be available for reporting purposes in the portal). 
Sincerely, SecureWorks SOC ========================= Technical Details ========================= Source: 10.33.228.105 FileHash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855 User: No Authentication RequiredFileName: inv39008.zip FileSize: 1091238 Name of threat from the Sourcefire event: W32.043030FA17-100.SBX.TG FileHash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855 Virus total link: https://www.virustotal.com/en/file/043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855/analysis/ User provided by Sourcefire (if available): No Authentication Required URI detected for this alert (if available): http://yasamkurusatis[.]com/wp-content/uploads/2019/09/files/INV39008[.]zip ========================= References ========================= Reference(s) From the Vendor: Threat Detected in Network File Transfer (Retrospective) ========================= Event Details ========================= Related Events: Event Count: 1 Total Occurrence Count: 1 Event ID: 309187393 Event Summary: Sourcefire Malware Event: W32.043030FA17-100.SBX.TG - INV39008.zip Occurrence Count: 1 Host and Connection Information Source IP: 10.33.228.105 Source Port: 23798 Destination IP: 104.27.140.247 Destination Port: 80 Destination IP Geolocation: San Francisco, USA Connection Directionality: OUTGOING Device Information Device IP: 10.50.24.46 Device Name: ddcidp8350.td.afg Log Time: 2019-09-25 at 19:47:22 Action: Not Blocked Vendor EventID: 1569440841:1:63870 CVSS Score: -1 Vendor Reference: Threat Detected in Network File Transfer (Retrospective) User: No Authentication Required Threat Name: W32.043030FA17-100.SBX.TG File Name: inv39008.zip File Size: 1091238 FileHash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855 SCWX Event Processing Information Sherlock Rule ID (SLE): 843571 Inspector Rule ID: 277082 Inspector Event ID: 3274253601 Ontology ID: 11 Event Type ID: 10 Agent ID: 125057 Event Detail: [***] Malware Event [Threat: 
W32.043030FA17-100.SBX.TG] [***] [Type: Threat Detected in Network File Transfer (Retrospective)] [Subtype: (0)] [Filename: INV39008.zip] [Hash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855] [FilePath: ] [FileType: ZIP] [FileSize: 1091238] [AppProtocol: HTTP] [ParentFilename: ] [ParentHash: ] [URI: http://yasamkurusatis.com/wp-content/uploads/2019/09/files/INV39008.zip] [Sensor ID: 45] [Event ID: 1569440841:1:63870] [Device: ddcidp8350] [User: No Authentication Required] [Detection: ] [FileTimestamp: 0] [Description: Retrospective Event, Thu Sep 26 02:24:27 2019(UTC), Old Disp: Neutral, New Disp: Malware, Threat Name: W32.043030FA17-100.SBX.TG; ] [Direction: Download] [FilePolicy: SWRX_AMP-Block_File-Block_Policy] [Disposition: UNKNOWN] [RetroDisposition: UNKNOWN] [DstCountry: united states] [SslActualAction: Unknown] [Action: Malware Cloud Lookup] [HTTP Response: 0] 09/25/2019-19:47:22.000000 10.33.228.105:23798 -> 104.27.140.247:80 [O:SECURITY] 1 1.1%
 
Our event flow monitoring has detected a disruption in the flow of events from ddcidp82601-2.td.afg located at American Financial Group, Inc.. This system generated ticket indicates that SECURITY events have not been received from this device within defined limits. Status is DOWN; last SECURITY event received on Sat Aug 24 23:15:52 UTC 2019. If you would like to speak to a team member please call into the Security Operations Center at 877-838-7960 option #3 or update this ticket on the portal. 1 1.1%
 
(Missing)  84  95.5%

Max length: 4332
Mean length: 57.79545455
Min length: 1
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Dell_Secureworks_Event_Source
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 95.5%
Missing (n): 84

Value       Count  Frequency (%)
-               2  2.3%
CTP_HEALTH      1  1.1%
MPLE            1  1.1%
(Missing)      84  95.5%

Max length: 10
Mean length: 3.045454545
Min length: 1
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: True

Dell_Secureworks_Priority
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 95.5%
Missing (n): 84

Value      Count  Frequency (%)
-              2  2.3%
MEDIUM         1  1.1%
HIGH           1  1.1%
(Missing)     84  95.5%

Max length: 6
Mean length: 3
Min length: 1
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: True

Dell_Secureworks_Sensor_Name
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 98.9%
Missing (n): 87

Value                         Count  Frequency (%)
ddcidp82601-2.td.afg-8053629      1  1.1%
(Missing)                        87  98.9%

Max length: 28
Mean length: 3.284090909
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: True

Dell_Secureworks_Subject
Categorical

Distinct count: 6
Unique (%): 6.8%
Missing (%): 93.2%
Missing (n): 82

Value    Count    Frequency (%)
- 2 2.3%
Event flow disruption SECURITY 1 1.1%
[External] Secureworks Ticket #IN33274226 | Event flow disruption SECURITY | ddcidp82601-2.td.afg-8053629 ; | American Financial Group, Inc. 1 1.1%
[External] (ANSOC) Secureworks Ticket #33681248 Unsuccessful Escalation | Sourcefire AMP: Threat Detected in Network File Transfer (Retrospective) - Host: 10.33.228.105 | ddcidp8350.td.afg-20247860 ; 1 1.1%
Sourcefire AMP: Threat Detected in Network File Transfer (Retrospective) - Host: 10.33.228.105 1 1.1%
(Missing) 82 93.2%

Max length: 199
Mean length: 8.079545455
Min length: 1
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Dell_Secureworks_Ticket#
Categorical

Distinct count: 5
Unique (%): 5.7%
Missing (%): 94.3%
Missing (n): 83

Value    Count    Frequency (%)
IN33274226 2 2.3%
33714161 1 1.1%
IN33681248 1 1.1%
33601560 1 1.1%
(Missing) 83 94.3%

Max length: 10
Mean length: 3.352272727
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: False

Dell_Secureworks_Ticket_Type
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 95.5%
Missing (n): 84

Value    Count    Frequency (%)
INCIDENT 2 2.3%
- 2 2.3%
(Missing) 84 95.5%

Max length: 8
Mean length: 3.068181818
Min length: 1
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: True

Department
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Description
Categorical

Distinct count: 61
Unique (%): 69.3%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
<https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/ea42dbc6858dfc6982db4ff47588da4a81f275320600c8e8d830afd77782f078?linkOrigin=notif> 9 10.2%
<https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/5c6b382a9219d52bb506a7bffbd019eb328687131df1dca97b02f3e81e107a73?linkOrigin=notif> 3 3.4%
<https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/91687e44c9fd8b762fa056e1aef6da857cd12853edfa2503cfb899f6acacad7d?linkOrigin=notif> 3 3.4%
<https://threatinsight.proofpoint.com/44844d21-c174-dafd-8904-5beb0a767662/threat/email/c92aedb4ffebfabda75ebd0bccf17cd19efb58fd98bb6c3c99555e8d173a924d?linkOrigin=notif> 3 3.4%
<https://threatinsight.proofpoint.com/44844d21-c174-dafd-8904-5beb0a767662/threat/email/f25e6dd884808fd7f2cecebad61848f363593b126ac096513c6160a355593810?linkOrigin=notif> 3 3.4%
<https://threatinsight.proofpoint.com/44844d21-c174-dafd-8904-5beb0a767662/threat/email/444eec60dd88c4812ab1d8585c8512a38f3ec9dd8399d8a86ef4b29cc5d04f2b?linkOrigin=notif> 3 3.4%
Incident Response team, We have completed an investigation of a suspicious email. From: Multiple Reporters?: Originating IPs: SMTP Relays: Domains: URLs: Reporter: 3 3.4%
<https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/ae0cbe7bcb2d0f438dda83bbd23812ff1a71f43a300d41480e7ee3e9cbdf6522?linkOrigin=notif> 2 2.3%
<https://portal.secureworks.com/portal/incidents/IN33681248> 2 2.3%
<https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/88184145228f1448462227eaa4dd923bbb16feedd42d8ef921eac4ee506e4516?linkOrigin=notif> 2 2.3%
Other values (51) 55 62.5%

Max length: 2670
Mean length: 543.9772727
Min length: 60
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Destination_IP
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Destination_Port
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

detection_interval
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

detection_time
Categorical

Distinct count: 11
Unique (%): 12.5%
Missing (%): 88.6%
Missing (n): 78

Value    Count    Frequency (%)
8/29/2019 23:14 1 1.1%
9/25/2019 20:32 1 1.1%
9/23/2019 17:58 1 1.1%
9/18/2019 23:50 1 1.1%
9/14/2019 16:43 1 1.1%
9/25/2019 20:43 1 1.1%
9/17/2019 16:25 1 1.1%
9/28/2019 18:22 1 1.1%
9/13/2019 16:30 1 1.1%
9/25/2019 20:34 1 1.1%
(Missing) 78 88.6%

Max length: 15
Mean length: 4.363636364
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Directionality
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 28.4%
Missing (n): 25

Value    Count    Frequency (%)
Inbound 63 71.6%
(Missing) 25 28.4%

Max length: 7
Mean length: 5.863636364
Min length: 3
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: False

domain
Categorical

Distinct count: 5
Unique (%): 5.7%
Missing (%): 88.6%
Missing (n): 78

Value    Count    Frequency (%)
GA 6 6.8%
AAG 2 2.3%
SUMMIT 1 1.1%
GAMCUSTOM 1 1.1%
(Missing) 78 88.6%

Max length: 9
Mean length: 3.034090909
Min length: 2
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: False

Dropped
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
Unknown 77 87.5%
No 7 8.0%
Yes 4 4.5%

Max length: 7
Mean length: 6.420454545
Min length: 2
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: False

Employee
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Employee_Involved
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Employee_Involvement
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Esclated_To_BU_IT
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Exposure_Resolved
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Exposure_Type
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

file_path
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Breach_Circumstances
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Breach_Type
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Breach_Type_Comment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Consequences
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Consequences_Comment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Final_Assessment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Final_Assessment_Comment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Identification
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Identification_Comment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Personal_Data
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Personal_Data_Comment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

GDPR_Subsequent_Notification
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Guest_Network_Involvement
Constant

This variable is constant and should be ignored for analysis

Constant value: No

Harm_Foreseeable
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Header_From
Categorical

Distinct count: 5
Unique (%): 5.7%
Missing (%): 47.7%
Missing (n): 42

Value    Count    Frequency (%)
(blank) 43 48.9%
Al <alkempf1901@aol.com> 1 1.1%
=?utf-8?Q?Kristin_Erickson?= <kerickson@tonry.com> 1 1.1%
Arne Sredl <hqfemileenl@outlook.com> 1 1.1%
(Missing) 42 47.7%

Max length: 51
Mean length: 3.693181818
Min length: 2
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Header_Reply_To
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 47.7%
Missing (n): 42

Value    Count    Frequency (%)
(blank) 46 52.3%
(Missing) 42 47.7%

Max length: 3
Mean length: 2.477272727
Min length: 2
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

Host_Involved
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Host_Name
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Hours_worked
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

HX_Agent_ID
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

HX_Hostname
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

HX_IP
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

HX_UUID
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

HXname
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

ID
Numeric

Distinct count: 88
Unique (%): 100.0%
Missing (%): 0.0%
Missing (n): 0
Infinite (%): 0.0%
Infinite (n): 0
Mean: 7975.272727
Minimum: 7862
Maximum: 8075
Zeros (%): 0.0%
Mini histogram: image not reproduced

Quantile statistics

Minimum: 7862
5-th percentile: 7877.35
Q1: 7921.5
Median: 7977.5
Q3: 8033.25
95-th percentile: 8062.65
Maximum: 8075
Range: 213
Interquartile range: 111.75

Descriptive statistics

Standard deviation: 63.4173781
Coef of variation: 0.0079517504
Kurtosis: -1.166047854
Mean: 7975.272727
MAD: 53.94834711
Skewness: -0.1698550335
Sum: 701824
Variance: 4021.763845
Memory size: 784.0 B

Histogram with fixed size bins (bins=50): image not reproduced
Histogram with variable size bins (bins=[7862. 8075.], "bayesian blocks" binning strategy used): image not reproduced

Common values

Value    Count    Frequency (%)
8052 1 1.1%
8062 1 1.1%
8042 1 1.1%
7977 1 1.1%
7978 1 1.1%
8033 1 1.1%
7980 1 1.1%
7982 1 1.1%
7984 1 1.1%
8036 1 1.1%
Other values (78) 78 88.6%

Minimum 5 values

Value    Count    Frequency (%)
7862 1 1.1%
7863 1 1.1%
7864 1 1.1%
7865 1 1.1%
7877 1 1.1%

Maximum 5 values

Value    Count    Frequency (%)
8075 1 1.1%
8074 1 1.1%
8069 1 1.1%
8064 1 1.1%
8063 1 1.1%

Impact_Likely
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Impacted_System
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Incident_Disposition
Boolean

Distinct count: 2
Unique (%): 2.3%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
Yes 57 64.8%
No 31 35.2%
 

Incident_Type
Categorical

Distinct count: 7
Unique (%): 8.0%
Missing (%): 5.7%
Missing (n): 5

Value    Count    Frequency (%)
Phishing 42 47.7%
Malware 17 19.3%
Suspicious Host Activity 17 19.3%
Health Alert 5 5.7%
Not an Issue 1 1.1%
Suspicious Network Traffic 1 1.1%
(Missing) 5 5.7%

Max length: 26
Mean length: 11.09090909
Min length: 3
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

Individual_Name
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Is_vulnerable?
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Item_Number
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Joe_Sandbox_Result
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Jurisdiction
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

last_detection_time
Categorical

Distinct count: 11
Unique (%): 12.5%
Missing (%): 88.6%
Missing (n): 78

Value    Count    Frequency (%)
8/29/2019 23:14 1 1.1%
9/25/2019 20:32 1 1.1%
9/23/2019 17:58 1 1.1%
9/18/2019 23:50 1 1.1%
9/14/2019 16:43 1 1.1%
9/25/2019 20:43 1 1.1%
9/17/2019 16:25 1 1.1%
9/28/2019 18:22 1 1.1%
9/13/2019 16:30 1 1.1%
9/25/2019 20:34 1 1.1%
(Missing) 78 88.6%

Max length: 15
Mean length: 4.363636364
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Last_Modified
Categorical

Distinct count: 80
Unique (%): 90.9%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
9/26/2019 11:04 3 3.4%
9/3/2019 8:16 2 2.3%
9/17/2019 11:08 2 2.3%
9/20/2019 12:10 2 2.3%
9/17/2019 11:09 2 2.3%
9/26/2019 11:09 2 2.3%
9/25/2019 14:54 2 2.3%
9/12/2019 14:13 1 1.1%
9/23/2019 14:05 1 1.1%
9/24/2019 9:00 1 1.1%
Other values (70) 70 79.5%

Max length: 15
Mean length: 14.5
Min length: 13
Contains chars: False
Contains digits: True
Contains spaces: True
Contains non-words: True

Lawful_Data_Processing_Categories
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Location
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Machine_Compromised
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 28.4%
Missing (n): 25

Value    Count    Frequency (%)
No 63 71.6%
(Missing) 25 28.4%

Max length: 3
Mean length: 2.284090909
Min length: 2
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: False

malware_file_path
Path

Distinct count: 9
Unique (%): 10.2%
Missing (%): 90.9%
Missing (n): 80
Common prefix: No common prefix

Full path

Value    Count    Frequency (%)
C:\Windows\Temp\__temp_dcf\10\_~\USPSLabel.exe 1 1.1%
E:\Users\rgdouglas\Chrome Downloads\blue.php 1 1.1%
C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf->(pdf0000:) C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf 1 1.1%
C:\Users\ruizl\OneDrive - Netconic IT\Tech Stuff\Software\D7x\d7xFiles(StarterConfig)\d7x\3rd Party Tools\Nirsoft\wirelesskeyview-x64.exe 1 1.1%
C:\Users\aijones\AppData\Local\Microsoft\Windows\INetCache\Low\IE\P69U0LR9\REIMBURSEMENT%20LIST[1].pdf 1 1.1%
C:\Users\gbell\Downloads\This computer is BLOCKED.htm C:\Users\gbell\Downloads\This computer is BLOCKED.htm 1 1.1%
C:\Windows\Temp\__temp_dcf\8\_~\pspv.exe 1 1.1%
C:\Users\bbulls\AppData\Local\Temp\4f05.dll 1 1.1%
(Missing) 80 90.9%

Stem

Value    Count    Frequency (%)
USPSLabel 1 1.1%
REIMBURSEMENT%20LIST[1] 1 1.1%
blue 1 1.1%
This computer is BLOCKED 1 1.1%
{ACD892FD-BD12-460C-B5E4-56F28EA26424} 1 1.1%
pspv 1 1.1%
4f05 1 1.1%
wirelesskeyview-x64 1 1.1%
(Missing) 80 90.9%

Name

Value    Count    Frequency (%)
pspv.exe 1 1.1%
This computer is BLOCKED.htm 1 1.1%
USPSLabel.exe 1 1.1%
{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf 1 1.1%
4f05.dll 1 1.1%
wirelesskeyview-x64.exe 1 1.1%
REIMBURSEMENT%20LIST[1].pdf 1 1.1%
blue.php 1 1.1%
(Missing) 80 90.9%

Suffix

Value    Count    Frequency (%)
.exe 3 3.4%
.dll 1 1.1%
.htm 1 1.1%
.pdf 1 1.1%
.pdf 1 1.1%
.php 1 1.1%
(Missing) 80 90.9%

Parent

Value    Count    Frequency (%)
E:\Users\rgdouglas\Chrome Downloads 1 1.1%
C:\Users\aijones\AppData\Local\Microsoft\Windows\INetCache\Low\IE\P69U0LR9 1 1.1%
C:\Users\bbulls\AppData\Local\Temp 1 1.1%
C:\Users\ruizl\OneDrive - Netconic IT\Tech Stuff\Software\D7x\d7xFiles(StarterConfig)\d7x\3rd Party Tools\Nirsoft 1 1.1%
C:\Users\gbell\Downloads\This computer is BLOCKED.htm C:\Users\gbell\Downloads 1 1.1%
C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf->(pdf0000:) C:\Users\adeitz\Downloads 1 1.1%
C:\Windows\Temp\__temp_dcf\8\_~ 1 1.1%
C:\Windows\Temp\__temp_dcf\10\_~ 1 1.1%
(Missing) 80 90.9%
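Two of the malware_file_path cells above pack more than one path into a single value (the same path repeated, and a "->(pdf0000:)" marker naming an object inside the PDF), which is why the Parent breakdown shows entries such as "C:\Users\gbell\Downloads\This computer is BLOCKED.htm C:\Users\gbell\Downloads" and why the profiler cannot be trusted for suffix counts on this column. The normaliser below is an added example, not part of the report: SAMPLE_CELLS is a copy of the eight cell values listed above, and the drop-location buckets are an assumed triage heuristic rather than a field of the dataset.

```python
"""Normalise the multi-path cells seen in malware_file_path before profiling.
Some endpoint alerts pack several paths into one cell separated by a space and
mark an object inside a container with "->(member)"; left as-is, the profiler
treats the whole cell as one path. Added example, not part of the report;
SAMPLE_CELLS copies the eight cell values listed above, and the location
classes are an assumed triage heuristic, not a field of the dataset."""
import re
from collections import Counter
from pathlib import PureWindowsPath
from typing import Dict, List

SAMPLE_CELLS = [
    r"C:\Windows\Temp\__temp_dcf\10\_~\USPSLabel.exe",
    r"E:\Users\rgdouglas\Chrome Downloads\blue.php",
    r"C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf "
    r"C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf->(pdf0000:) "
    r"C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf",
    r"C:\Users\ruizl\OneDrive - Netconic IT\Tech Stuff\Software\D7x\d7xFiles(StarterConfig)"
    r"\d7x\3rd Party Tools\Nirsoft\wirelesskeyview-x64.exe",
    r"C:\Users\aijones\AppData\Local\Microsoft\Windows\INetCache\Low\IE\P69U0LR9\REIMBURSEMENT%20LIST[1].pdf",
    r"C:\Users\gbell\Downloads\This computer is BLOCKED.htm C:\Users\gbell\Downloads\This computer is BLOCKED.htm",
    r"C:\Windows\Temp\__temp_dcf\8\_~\pspv.exe",
    r"C:\Users\bbulls\AppData\Local\Temp\4f05.dll",
]

# Whitespace that sits right before a new drive letter starts a new path;
# this survives spaces inside folder names ("Chrome Downloads", "Tech Stuff").
SPLIT_RE = re.compile(r"\s+(?=[A-Za-z]:\\)")
# "->(pdf0000:)" style marker for an object inside a container file.
MEMBER_RE = re.compile(r"->\([^)]*\)\s*$")


def split_cell(cell: str) -> List[str]:
    """Break one cell into its distinct file paths, dropping member markers."""
    paths: List[str] = []
    for tok in SPLIT_RE.split(cell.strip()):
        tok = MEMBER_RE.sub("", tok).strip()
        if tok and tok not in paths:
            paths.append(tok)
    return paths


def location_class(path: PureWindowsPath) -> str:
    """Coarse drop-location bucket (assumed heuristic for ordering triage)."""
    low = str(path).lower()
    if "\\temp\\" in low:
        return "temp"
    if "inetcache" in low:
        return "browser-cache"
    if "downloads\\" in low:
        return "downloads"
    return "other"


def profile_paths(cells: List[str]) -> Dict[str, Counter]:
    """Recompute suffix, parent and location counts over de-duplicated paths."""
    suffixes: Counter = Counter()
    parents: Counter = Counter()
    locations: Counter = Counter()
    for cell in cells:
        for p in split_cell(cell):
            wp = PureWindowsPath(p)
            suffixes[wp.suffix.lower() or "(none)"] += 1
            parents[str(wp.parent)] += 1
            locations[location_class(wp)] += 1
    return {"suffixes": suffixes, "parents": parents, "locations": locations}


if __name__ == "__main__":
    for name, counter in profile_paths(SAMPLE_CELLS).items():
        print(name, dict(counter))
```

On the eight cells this yields eight distinct paths, three .exe, two .pdf and one each of .dll, .htm and .php, with three drops under a Temp directory, three under a Downloads folder and one in the IE cache; the two .pdf rows the profiler printed separately collapse into one suffix once the doubled cell is split.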
 

malware_name
Categorical

Distinct count: 11
Unique (%): 12.5%
Missing (%): 88.6%
Missing (n): 78

Value    Count    Frequency (%)
Trojan:HTML/FakeAlert.B 1 1.1%
Trojan:HTML/FakeAlert.AA 1 1.1%
Exploit:PDF/Ticanoti.A 1 1.1%
TrojanDownloader:Win32/Kuluoz.C 1 1.1%
Trojan:Win32/Swrort.A 1 1.1%
HackTool:Win32/Passview 1 1.1%
Behavior:Win32/Meterpreter.gen!A 1 1.1%
Trojan:PDF/Sonbokli.A!cl 1 1.1%
HackTool:Win32/WirKey 1 1.1%
Behavior:Win32/Atosev.gen!A 1 1.1%
(Missing) 78 88.6%

Max length: 32
Mean length: 5.477272727
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: True

Members
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Message_ID
Categorical

Distinct count: 7
Unique (%): 8.0%
Missing (%): 93.2%
Missing (n): 82

Value    Count    Frequency (%)
BN7PR04MB42433B021DC1441D8C70E365CC890@BN7PR04MB4243.namprd04.prod.outlook.com 1 1.1%
0BE47024-9D7E-475D-8107-E31F2E1D02D6@bitesizelearning.co.uk 1 1.1%
44D44C53-A92C-446C-8CEA-C42322A139F1@aol.com 1 1.1%
VI1P189MB0304D6D2D4B1EC058FB786A98BB70@VI1P189MB0304.EURP189.PROD.OUTLOOK.COM 1 1.1%
zarafa.5d8396f7.586c.35756e935c983ecc@mail.tonry.com 1 1.1%
FR1PR80MB0181F557910BF88584102095ACB50@FR1PR80MB0181.lamprd80.prod.outlook.com 1 1.1%
(Missing) 82 93.2%

Max length: 78
Mean length: 7.204545455
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: True

Message_Size
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 96.6%
Missing (n): 85

Value    Count    Frequency (%)
299 KB 1 1.1%
95 KB 1 1.1%
84 KB 1 1.1%
(Missing) 85 96.6%

Max length: 6
Mean length: 3.079545455
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Month
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
September 84 95.5%
August 4 4.5%

Max length: 9
Mean length: 8.863636364
Min length: 6
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: False

Morphick_Ticket#
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 97.7%
Missing (n): 86

Value    Count    Frequency (%)
CS0015754 1 1.1%
CS0015758 1 1.1%
(Missing) 86 97.7%

Max length: 9
Mean length: 3.136363636
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: False

Morphick_Update
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Name
Categorical

Distinct count: 52
Unique (%): 59.1%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
[Proofpoint Link] — [Crop Division] 11 12.5%
[Proofpoint Link] — [National Interstate Ins] 9 10.2%
[Proofpoint Link] — [Strategic Comp] 7 8.0%
Configuration Manager Malware Detected Alert: Malware detection alert for collection: Endpoint Protection - Strategic Compensation Servers 4 4.5%
[Proofpoint Link] — [Mid-Continent Group] 3 3.4%
Kaspersky Security Center 10 Administration Server Report [National Interstate Ins] 2 2.3%
[Proofpoint Link] — [Summit] 2 2.3%
Configuration Manager Malware Detected Alert: Malware detection alert for collection: Endpoint Protection - Annuity Servers [Annuity Information Tech] 2 2.3%
[Proofpoint Link] — [Financial Institution Ser] 2 2.3%
[Proofpoint Link] — [Bond Division] 2 2.3%
Other values (42) 44 50.0%

Max length: 216
Mean length: 74.28409091
Min length: 19
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Negative_PR
Constant

This variable is constant and should be ignored for analysis

Constant value: Unknown

Next_Due_Date
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

NIST_Attack_Vectors
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

number_of_infections
Boolean

Distinct count: 2
Unique (%): 2.3%
Missing (%): 88.6%
Missing (n): 78

Value    Count    Frequency (%)
1 10 11.4%
(Missing) 78 88.6%
 

Organization
Constant

This variable is constant and should be ignored for analysis

Constant value: GAIG

Other_Alert_Source
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

other_path
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Outbound_Threat_Type
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 28.4%
Missing (n): 25

Value    Count    Frequency (%)
Malware 63 71.6%
(Missing) 25 28.4%

Max length: 7
Mean length: 5.863636364
Min length: 3
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: False

Owner
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
Paul Karklins (pkarklins@gaig.com) 49 55.7%
Gene Kazimiarovich (gkazimiarovich@gaig.com) 21 23.9%
Nik Whitis (nwhitis@gaig.com) 17 19.3%
Elliot Rhodes (erhodes@gaig.com) 1 1.1%

Max length: 44
Mean length: 35.39772727
Min length: 29
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

Personal_Email
Constant

This variable is constant and should be ignored for analysis

Constant value: No

Phase
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
Engage 48 54.5%
Respond 37 42.0%
Detect/Analyze 3 3.4%

Max length: 14
Mean length: 6.693181818
Min length: 6
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: True

PIPEDA_Other_Factors
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

PIPEDA_Other_Factors_Comment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

PIPEDA_Overall_Assessment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

PIPEDA_Overall_Assessment_Comment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

PIPEDA_Probability_of_Misuse
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

PIPEDA_Probability_of_Misuse_Comment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

PIPEDA_Sensitivity_of_PI
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

PIPEDA_Sensitivity_of_PI_Comment
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Protocol
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Recipient
Categorical

Distinct count: 39
Unique (%): 44.3%
Missing (%): 43.2%
Missing (n): 38

Value    Count    Frequency (%)
PhishingNotice@gaig.com 4 4.5%
servicioalcliente@gaig.com 3 3.4%
stephanie.ruggles@natl.com 3 3.4%
rbabb@strategiccomp.com 3 3.4%
tisaackson@gaig.com 2 2.3%
celias@gaic.com 2 2.3%
akimble@gaig.com 2 2.3%
andrea.medina@natl.com 1 1.1%
dmcquay@mcg-ins.com 1 1.1%
mcmiller2@gaig.com 1 1.1%
Other values (28) 28 31.8%
(Missing) 38 43.2%

Max length: 32
Mean length: 13.72727273
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

ref_number
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 97.7%
Missing (n): 86

Value    Count    Frequency (%)
MSG0144748 1 1.1%
MSG0143917 1 1.1%
(Missing) 86 97.7%

Max length: 10
Mean length: 3.159090909
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: False

remediation_action
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 88.6%
Missing (n): 78

Value    Count    Frequency (%)
NoAction 5 5.7%
Quarantine 4 4.5%
Remove 1 1.1%
(Missing) 78 88.6%

Max length: 10
Mean length: 3.636363636
Min length: 3
Contains chars: True
Contains digits: False
Contains spaces: False
Contains non-words: False

Remidiation_Source
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Reporting_Individual
Categorical

Distinct count: 7
Unique (%): 8.0%
Missing (%): 20.5%
Missing (n): 18

Value    Count    Frequency (%)
tap-notifications@proofpoint.com 46 52.3%
SCCM_2012_Alert@gaic.com 10 11.4%
service@secureworks.com 6 6.8%
PhishingNotice@gaig.com 4 4.5%
cases@mts.bah.com 2 2.3%
kaspersky@natl.com 2 2.3%
(Missing) 18 20.5%

Max length: 32
Mean length: 23.47727273
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: True

Resolution
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
Resolved 64 72.7%
Not an Issue 16 18.2%
Duplicate 8 9.1%

Max length: 12
Mean length: 8.818181818
Min length: 8
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

Resolution_Summary
Categorical

Distinct count: 67
Unique (%): 76.1%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
The alert is marked as False positive by Proofpoint on rebrand.ly domain. 8 9.1%
Investigated by Interns. Determined that no further remediation actions were needed. 4 4.5%
User clicked phishing link, password reset requested. 4 4.5%
Malware turned out to be a Qbot variant that scep partially contained. The server was quarantined with Fireeye and is going to be re-built. 3 3.4%
The true site behind the office doc appears to have been taken down. however, there is resolution of that domain on the day the email was delivered. I notified the employee that they should reset their password immediately to prevent account misuse. 3 3.4%
The domain serving the malware has now been blocked. The citrix server that was infected has been contained and slated to be re-built or decommissioned. Barbara's account credentials, as well as any admin account that touched the server afterward have been changed. The infection was a Qbot variant downloaded via a phishing email to a single user. SCEP was unable to contain it entirely. Fireeye was installed on the box and it was quarantined to prevent further spread. Forensics were unable to be gather since the server had 96GB of RAM and we were not able to process that much data with fireeye. 2 2.3%
User clicked phishing link, requested password change. 2 2.3%
URL with 3x clicks form the user. URL leads to blank page. Two hits found in proxy logs, both allowed by proxy. No action deemed necessary at this point. 2 2.3%
This was a false positive for phishing. 2 2.3%
Email removed from users inbox in an unread state. 1 1.1%
Other values (57) 57 64.8%

Max length: 602
Mean length: 116.0454545
Min length: 32
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Risk_of_Harm
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Sender
Categorical

Distinct count: 8
Unique (%): 9.1%
Missing (%): 47.7%
Missing (n): 42

Value    Count    Frequency (%)
(blank) 40 45.5%
kerickson@tonry.com 1 1.1%
avazquez@b-safe.es 1 1.1%
0c54789eb9490a211d03ed0bbccd6691@outlook.com 1 1.1%
maria@Illinoiscompensation.com 1 1.1%
alkempf1901@aol.com 1 1.1%
rob@bitesizelearning.co.uk 1 1.1%
(Missing) 42 47.7%

Max length: 46
Mean length: 4.704545455
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Sender_IP
Categorical

Distinct count: 8
Unique (%): 9.1%
Missing (%): 47.7%
Missing (n): 42

Value    Count    Frequency (%)
(blank) 40 45.5%
40.107.71.136 1 1.1%
162.212.106.10 1 1.1%
40.107.5.103 1 1.1%
40.92.9.41 1 1.1%
40.107.7.95 1 1.1%
69.252.207.33 1 1.1%
(Missing) 42 47.7%

Max length: 15
Mean length: 3.238636364
Min length: 2
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Sensor_Name
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Service_Now_Ticket#
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Severity
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 0.0%
Missing (n): 0

Value    Count    Frequency (%)
4 - Low 37 42.0%
5 - Informational 26 29.5%
3 - Moderate 22 25.0%
2 - High 3 3.4%

Max length: 17
Mean length: 11.23863636
Min length: 7
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Simulation
Constant

This variable is constant and should be ignored for analysis

Constant value: No

Source_IP
Categorical

Distinct count: 8
Unique (%): 9.1%
Missing (%): 51.1%
Missing (n): 45

Value    Count    Frequency (%)
208.65.192.1 25 28.4%
70.62.202.3 9 10.2%
5.148.5.181 3 3.4%
174.225.141.50 3 3.4%
63.153.217.10 1 1.1%
165.225.81.0 1 1.1%
174.198.15.73 1 1.1%
(Missing) 45 51.1%

Max length: 16
Mean length: 8.329545455
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Source_of_Data
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Source_Port
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

State
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Status
Constant

This variable is constant and should be ignored for analysis

Constant value: Closed

Subject
Categorical

Distinct count: 5
Unique (%): 5.7%
Missing (%): 47.7%
Missing (n): 42

Value    Count    Frequency (%)
(blank) 43 48.9%
mbova : Iceland54 1 1.1%
FW: [UNCHECKED]Re: Great American New England - New Hire Announcement - David Watson 1 1.1%
Fwd: Great American Insurance Contractors Equipment Policy # IMP 422 96 60 1 1.1%
(Missing) 42 47.7%

Max length: 86
Mean length: 4.954545455
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

Threat_Type
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Time_Spent_in_BU_IT
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Timestamp
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

triage_status
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

URL
URL

Distinct count: 22
Unique (%): 25.0%
Missing (%): 51.1%
Missing (n): 45

The values in this column are defanged (hxxp/hxxps schemes, "[.]" in place of dots), so the Scheme, Netloc and Path tables below tabulate the defanged strings exactly as written rather than live URLs. The query strings carry sharing and tracking tokens, and one of them names a recipient mailbox, so the column stays sensitive even in defanged form.

Value | Count | Frequency (%)
hxxp://rebrand[.]ly/ran8j8 | 9 | 10.2%
hxxps://restaurantdepot[.]us14[.]list-manage[.]com/track/click?u=d83d72f34162a726db96d6e0c&id=9a6cd947ca&e=fba78257a3 | 3 | 3.4%
hxxps://onedrive[.]live[.]com/?authkey=%21AOKAQng6LQUJfG0&cid=F7FA60E0E129FAB4&id=F7FA60E0E129FAB4%21105&parId=root&o=OneUp | 3 | 3.4%
hxxps://southernmail-my[.]sharepoint[.]com/:o:/p/jof/EmWRKFQIS7xIsGllqtwxjMMB4S6FcwkKrrtqtf0IQ63Wqg?e=cCLBoo | 3 | 3.4%
hxxps://file[.]ac/21euCO1oZvA73vycE36T8w/ | 3 | 3.4%
hxxp://forms[.]office[.]com/Pages/ResponsePage[.]aspx?id=zK5pqQMB30CbcUSvo1ld7vQ7s6MVPHpDqlAd7wMjKYRUQUdYM1JZNUEyNzExVlMwWEhCNFBQUUs2Sy4u | 3 | 3.4%
hxxps://gvtyos-my[.]sharepoint[.]com/:o:/g/personal/guy_garrott_gvty_com/EqtZwDEn-mhKqXhZWMGYaqYBQQkjE-QTzkCdJvusL9NwNw?e=s73FCX | 2 | 2.3%
hxxps://tpins1[.]box[.]com/s/9m5m7mu6ywyvtu0lv3s7737v99skaoc5 | 2 | 2.3%
hxxps://middleboro-my[.]sharepoint[.]com:443/:b:/g/personal/ssangeleer_middleboro_k12_ma_us/Eeh60AoSGwBIpCicz415CuQB9DK_Iroj3VuOLisyy5p9cQ?e=4%3aTiw7KR&at=9 | 2 | 2.3%
hxxps://1drive[.]godaddysites[.]com/ | 2 | 2.3%
Other values (11) | 11 | 12.5%
(Missing) | 45 | 51.1%

Scheme
Value | Count | Frequency (%)
hxxps | 30 | 34.1%
hxxp | 13 | 14.8%
(Missing) | 45 | 51.1%

Netloc
Value | Count | Frequency (%)
rebrand[.]ly | 9 | 10.2%
forms[.]office[.]com | 3 | 3.4%
southernmail-my[.]sharepoint[.]com | 3 | 3.4%
restaurantdepot[.]us14[.]list-manage[.]com | 3 | 3.4%
onedrive[.]live[.]com | 3 | 3.4%
file[.]ac | 3 | 3.4%
1drive[.]godaddysites[.]com | 2 | 2.3%
u345601[.]ct[.]sendgrid[.]net | 2 | 2.3%
gvtyos-my[.]sharepoint[.]com | 2 | 2.3%
tpins1[.]box[.]com | 2 | 2.3%
Other values (10) | 11 | 12.5%
(Missing) | 45 | 51.1%

Path
Value | Count | Frequency (%)
/ran8j8 | 9 | 10.2%
/ | 3 | 3.4%
/:o:/p/jof/EmWRKFQIS7xIsGllqtwxjMMB4S6FcwkKrrtqtf0IQ63Wqg | 3 | 3.4%
/21euCO1oZvA73vycE36T8w/ | 3 | 3.4%
/Pages/ResponsePage[.]aspx | 3 | 3.4%
/track/click | 3 | 3.4%
/wf/click | 2 | 2.3%
/:o:/g/personal/guy_garrott_gvty_com/EqtZwDEn-mhKqXhZWMGYaqYBQQkjE-QTzkCdJvusL9NwNw | 2 | 2.3%
/ | 2 | 2.3%
/:b:/g/personal/ssangeleer_middleboro_k12_ma_us/Eeh60AoSGwBIpCicz415CuQB9DK_Iroj3VuOLisyy5p9cQ | 2 | 2.3%
Other values (10) | 11 | 12.5%
(Missing) | 45 | 51.1%

Query
Value | Count | Frequency (%)
(empty) | 20 | 22.7%
id=zK5pqQMB30CbcUSvo1ld7vQ7s6MVPHpDqlAd7wMjKYRUQUdYM1JZNUEyNzExVlMwWEhCNFBQUUs2Sy4u | 3 | 3.4%
authkey=%21AOKAQng6LQUJfG0&cid=F7FA60E0E129FAB4&id=F7FA60E0E129FAB4%21105&parId=root&o=OneUp | 3 | 3.4%
e=cCLBoo | 3 | 3.4%
u=d83d72f34162a726db96d6e0c&id=9a6cd947ca&e=fba78257a3 | 3 | 3.4%
e=s73FCX | 2 | 2.3%
e=4%3aTiw7KR&at=9 | 2 | 2.3%
usU23_=mcmiller2@gaig[.]com | 1 | 1.1%
upn=pr3T05H2oeVXfnSU4lR0WGW8yj7GUddvike-2BCXtm713I8kqFzPGynwRHnnOlbtkX2tnN0NGRIV412nEOpieygElzwhiTWl7EizXg7Jbhvbs-3D_8Q3ambCFfbHSiGDC4N-2FFPiMqzWSYK-2B3vVnA5T3XgpubN-2FYGsM-2BQgzdeMknQlqd3k68n7ahVcTJN0vcTU6PYlTWVpYsH5Z3vki6LD859-2FQxOv8P0RLE6rIVdN4qMuN9EpyLPpH2WywPFRR01v9gRLOkD-2BqlrxNieOy5bssRrQhOxdbrKlp-2BybMiFqKZR5N2bAWspBN2-2BX-2FCTAus4F3p9FSQ-3D-3D | 1 | 1.1%
ticket=93640bhrrqwv7xn05605&calldate=20190904&Q_S1=01 | 1 | 1.1%
Other values (4) | 4 | 4.5%
(Missing) | 45 | 51.1%

Fragment
Value | Count | Frequency (%)
(empty) | 43 | 48.9%
(Missing) | 45 | 51.1%

URL_Blocked
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

url_path
URL

Distinct count: 3
Unique (%): 3.4%
Missing (%): 97.7%
Missing (n): 86

Unlike the URL column, the two url_path values are stored live (http://), not defanged, so they are clickable wherever this report is rendered.

Value | Count | Frequency (%)
http://documents.dps.ny.gov/public/Common/ViewDoc.aspx?DocRefId=%7BACD892FD-BD12-460C-B5E4-56F28EA26424%7D | 1 | 1.1%
http://ventriculus.gq/story/index.php | 1 | 1.1%
(Missing) | 86 | 97.7%

Scheme
Value | Count | Frequency (%)
http | 2 | 2.3%
(Missing) | 86 | 97.7%

Netloc
Value | Count | Frequency (%)
ventriculus.gq | 1 | 1.1%
documents.dps.ny.gov | 1 | 1.1%
(Missing) | 86 | 97.7%

Path
Value | Count | Frequency (%)
/story/index.php | 1 | 1.1%
/public/Common/ViewDoc.aspx | 1 | 1.1%
(Missing) | 86 | 97.7%

Query
Value | Count | Frequency (%)
DocRefId=%7BACD892FD-BD12-460C-B5E4-56F28EA26424%7D | 1 | 1.1%
(empty) | 1 | 1.1%
(Missing) | 86 | 97.7%

Fragment
Value | Count | Frequency (%)
(empty) | 2 | 2.3%
(Missing) | 86 | 97.7%

User_Agent
Categorical

Distinct count: 11
Unique (%): 12.5%
Missing (%): 51.1%
Missing (n): 45

Value | Count | Frequency (%)
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | 16 | 18.2%
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko | 5 | 5.7%
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36 | 4 | 4.5%
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko | 4 | 4.5%
Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Mobile/15E148 Safari/604.1 | 3 | 3.4%
Mozilla/5.0 (iPhone; CPU iPhone OS 12_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Mobile/15E148 Safari/604.1 | 3 | 3.4%
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36 | 3 | 3.4%
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 | 2 | 2.3%
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36 | 2 | 2.3%
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299 | 1 | 1.1%
(Missing) | 45 | 51.1%

The Trident/7.0 rv:11.0 strings are Internet Explorer 11 (Windows 10 and, for NT 6.1, Windows 7), which accounts for 25 of the 43 recorded clicks; six clicks came from iPhones. The single EdgeHTML string also contains "Chrome/58", so a classifier that tests for Chrome before Edge will miscount it.

Max length: 141
Mean length: 47.76136364
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

varonis_additional_data
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

varonis_desc
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 96.6%
Missing (n): 85

Value | Count | Frequency (%)
A file was created, opened or renamed to one of the known exploitation/hacking tools. The list of names is configurable via Exploitation tools dictionary. Exploitation tools enable attackers to abuse exposed vulnerabilities in common software programs, and are a common method to spread malware. | 2 | 2.3%
Many file modified events were detected in a very short time frame by the same user, where the file extension is a known encryption extension. The list of extensions is configurable via Encrypted files dictionary. This may indicate a ransomware attack underway, with the intent to deny access to data. | 1 | 1.1%
(Missing) | 85 | 96.6%

Both rules key on file names and extensions alone, not on content, so a known-tool filename sitting in a training share, or an editor cache file whose extension happens to be on the encrypted-files list, will fire them; the varonis_where values further down show paths of exactly that kind.

Max length: 301
Mean length: 13.02272727
Min length: 3
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True
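The two descriptions above are the only specification of the rules this report carries. The following is an added example, not Varonis code, that implements both as they are described: a name-token match against a tool dictionary for create/open/rename events, and a per-user sliding window over "File modified" events with a listed extension. The dictionaries, the threshold of 5 events and the 60-second window are assumptions (the descriptions say both lists are configurable); the events are constructed, with paths modelled on the varonis_where values.

```python
"""File-activity rules of the kind varonis_desc describes (added example, not Varonis code)."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed dictionaries; the real ones are product configuration.
EXPLOITATION_TOOLS = {"beef", "mimikatz", "sqlmap", "metasploit"}
ENCRYPTED_EXTENSIONS = {".locky", ".crypt", ".encrypted", ".enc", ".code"}
BURST_THRESHOLD = 5                   # assumed: 5 modified events ...
BURST_WINDOW = timedelta(seconds=60)  # ... within 60 seconds by one user


@dataclass(frozen=True)
class FileEvent:
    when: datetime
    who: str    # "domain\\user", as in varonis_who
    what: str   # "File created" / "File opened" / "File modified" / "File renamed"
    where: str  # UNC or local path


def known_tool_hit(event: FileEvent):
    """Rule 1: create/open/rename of a file whose name carries a known tool name.

    Matching is on name tokens, so beef-beef-0.4.4.3.zip hits "beef" while
    roastbeef-recipe.docx does not; a CEH training share still trips it.
    """
    if event.what not in {"File created", "File opened", "File renamed"}:
        return None
    tokens = set(re.split(r"[^a-z0-9]+", PureWindowsPath(event.where).name.lower()))
    hits = tokens & EXPLOITATION_TOOLS
    return min(hits) if hits else None


class EncryptionBurstDetector:
    """Rule 2: many "File modified" events with an encrypted-file extension
    from the same user inside a short window (sliding window per user)."""

    def __init__(self, threshold=BURST_THRESHOLD, window=BURST_WINDOW):
        self.threshold, self.window = threshold, window
        self._recent = defaultdict(deque)  # who -> timestamps still inside the window
        self._alerted = set()              # one alert per user per replay

    def feed(self, event: FileEvent):
        """Return the user the first time their burst reaches the threshold, else None."""
        if event.what != "File modified":
            return None
        if PureWindowsPath(event.where).suffix.lower() not in ENCRYPTED_EXTENSIONS:
            return None
        recent = self._recent[event.who]
        recent.append(event.when)
        while recent and event.when - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.threshold and event.who not in self._alerted:
            self._alerted.add(event.who)
            return event.who
        return None


def run_rules(events):
    """Replay events in time order; return (rule, who, detail) tuples."""
    detector = EncryptionBurstDetector()
    alerts = []
    for ev in sorted(events, key=lambda e: e.when):
        tool = known_tool_hit(ev)
        if tool:
            alerts.append(("exploitation_tool", ev.who, tool))
        who = detector.feed(ev)
        if who:
            alerts.append(("encryption_burst", who, PureWindowsPath(ev.where).suffix))
    return alerts


T0 = datetime(2019, 9, 6, 5, 8, 43)  # arbitrary start (the first varonis_when value)
SHARE = r"\\cvgisln01.nas.afg\ifs"   # server name taken from varonis_where

# Constructed events, not from the report.
SAMPLE_EVENTS = [
    # a scanning service account opens an archive in a training share: rule 1 fires
    FileEvent(T0, r"ga.afginc.com\svc_dlp_read", "File opened",
              SHARE + r"\Departments\Training\CEH\BeEF\beef-beef-0.4.4.3.zip"),
    # a look-alike name that is not a tool token: no hit
    FileEvent(T0 + timedelta(seconds=5), r"ga.afginc.com\jdoe", "File opened",
              SHARE + r"\Departments\Kitchen\roastbeef-recipe.docx"),
    # one editor cache write with a listed extension: below the burst threshold
    FileEvent(T0 + timedelta(seconds=8), r"ga.afginc.com\dev1", "File modified",
              SHARE + r"\Applications\CitrixProfiles\dev1\Code\CachedData\index-abc.code"),
] + [
    # six encrypted-extension writes by one user in six seconds: rule 2 fires once
    FileEvent(T0 + timedelta(seconds=20 + i), r"ga.afginc.com\mallory", "File modified",
              SHARE + rf"\Departments\Finance\report{i}.xlsx.locky")
    for i in range(6)
]

# The same six writes two minutes apart never fill the 60-second window.
SLOW_EVENTS = [
    FileEvent(T0 + timedelta(minutes=2 * i), r"ga.afginc.com\mallory", "File modified",
              SHARE + rf"\Departments\Finance\report{i}.xlsx.locky")
    for i in range(6)
]

if __name__ == "__main__":
    print(run_rules(SAMPLE_EVENTS))  # one tool hit, one burst
    print(run_rules(SLOW_EVENTS))    # []
```

The first rule deliberately ignores "File modified" and the second ignores everything but it, matching the wording of the two descriptions; tuning the burst rule is a matter of the threshold and window, while the tool rule can only be tuned by trimming the dictionary or excluding paths such as training shares.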

varonis_from
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 96.6%
Missing (n): 85

Value | Count | Frequency (%)
CVGWPDLPNDP1A [10.50.16.203] | 1 | 1.1%
CVGWPXAPPD706 [10.50.84.197] | 1 | 1.1%
CVGWPDLPNDP1B [10.50.16.202] | 1 | 1.1%
(Missing) | 85 | 96.6%

Max length: 28
Mean length: 3.852272727
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

varonis_id
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 96.6%
Missing (n): 85

Value | Count | Frequency (%)
ab8b324b-a663-4ac0-ad36-054f0d925f31 | 1 | 1.1%
e6d628bd-b15f-4e7d-bcf3-27c1bcd5c9ec | 1 | 1.1%
ac61591c-0934-432a-ad6b-ffe26a0c1a6c | 1 | 1.1%
(Missing) | 85 | 96.6%

Max length: 36
Mean length: 4.125
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: True

varonis_what
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 96.6%
Missing (n): 85

Value | Count | Frequency (%)
File opened | 2 | 2.3%
File created | 1 | 1.1%
(Missing) | 85 | 96.6%

Max length: 12
Mean length: 3.284090909
Min length: 3
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

varonis_when
Categorical

Distinct count: 4
Unique (%): 4.5%
Missing (%): 96.6%
Missing (n): 85

Value | Count | Frequency (%)
9/6/2019 5:08:43 AM | 1 | 1.1%
9/23/2019 7:56:02 PM | 1 | 1.1%
9/4/2019 4:25:55 PM | 1 | 1.1%
(Missing) | 85 | 96.6%

Max length: 20
Mean length: 3.556818182
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

varonis_where
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 96.6%
Missing (n): 85

Value | Count | Frequency (%)
beef-beef-0.4.4.3.zip ([cvgisln01.nas.afg] \ifs\Departments\GAIC\EISG\Common\Training\CEH\Volume 4\CEHv8 Module 13 Hacking Web Applications\Web Application Pen Testing Tools\BeEF\beef-beef-0.4.4.3.zip) | 2 | 2.3%
index-6c5301c9fcf5cf04e5aeb0003955f8f1.code ([cvgisln01.nas.afg] \ifs\Applications\CitrixProfiles\tsprofs\yadhikary\xadesktop\UPM_Profile\AppData\Roaming\Code\CachedData\3db7e09f3b61f915d03bbfa58e258d6eee843f35\index-6c5301c9fcf5cf04e5aeb0003955f8f1.code) | 1 | 1.1%
(Missing) | 85 | 96.6%

Max length: 255
Mean length: 10.36363636
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: True
Contains non-words: True

varonis_who
Categorical

Distinct count: 3
Unique (%): 3.4%
Missing (%): 96.6%
Missing (n): 85

Value | Count | Frequency (%)
ga.afginc.com\Service Account, svc_dlp_read [svc_dlp_read] | 2 | 2.3%
ga.afginc.com\Adhikary, Yudhajit [yadhikary] | 1 | 1.1%
(Missing) | 85 | 96.6%

Max length: 58
Mean length: 4.715909091
Min length: 3
Contains chars: True
Contains digits: False
Contains spaces: True
Contains non-words: True

Vendor
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Workspace
Constant

This variable is constant and should be ignored for analysis

Constant value: Default workspace

xmatters_requestId
Categorical

Distinct count: 2
Unique (%): 2.3%
Missing (%): 98.9%
Missing (n): 87

Value | Count | Frequency (%)
3855b224-85bc-4a13-a203-007ccc971729 | 1 | 1.1%
(Missing) | 87 | 98.9%

Max length: 36
Mean length: 3.375
Min length: 3
Contains chars: True
Contains digits: True
Contains spaces: False
Contains non-words: True

Zip
Constant

This variable is constant and should be ignored for analysis

Constant value: nan

Correlations

Missing values

Sample

First rows

Columns (169, in this order; each sample row below begins with its row index, after which the cell values run together with no separator and NaN marks an empty cell):
action_status, Address, Alberta_Health_Risk_Assessment, Alert_Source, Alerts, Assessed_Liability, Attachment_SHA, BU_Code, BU_Code_Legacy, BU_Status, Business_Unit, Categorization, Category, City, Click_Time, computer_last_detection_time, computer_name, computer_number_of_infections, Condemnation_Time, Condition_ID, Country/Region, Created_By, Criminal_Activity, Data_Compromised, Data_Encrypted, Data_Format, Date_Closed, Date_Created, Date_Determined, Date_Discovered, Date_Occurred, Delivery_Time, Dell_Secureworks_Alert_Source, Dell_Secureworks_Category, Dell_Secureworks_Category_Class, Dell_Secureworks_Classification, Dell_Secureworks_Close_Action, Dell_Secureworks_Close_Code, Dell_Secureworks_Description, Dell_Secureworks_Event_Source, Dell_Secureworks_Priority, Dell_Secureworks_Sensor_Name, Dell_Secureworks_Subject, Dell_Secureworks_Ticket#, Dell_Secureworks_Ticket_Type, Department, Description, Destination_IP, Destination_Port, detection_interval, detection_time, Directionality, domain, Dropped, Employee, Employee_Involved, Employee_Involvement, Esclated_To_BU_IT, Exposure_Resolved, Exposure_Type, file_path, GDPR_Breach_Circumstances, GDPR_Breach_Type, GDPR_Breach_Type_Comment, GDPR_Consequences, GDPR_Consequences_Comment, GDPR_Final_Assessment, GDPR_Final_Assessment_Comment, GDPR_Identification, GDPR_Identification_Comment, GDPR_Personal_Data, GDPR_Personal_Data_Comment, GDPR_Subsequent_Notification, Guest_Network_Involvement, Harm_Foreseeable, Header_From, Header_Reply_To, Host_Involved, Host_Name, Hours_worked, HX_Agent_ID, HX_Hostname, HX_IP, HX_UUID, HXname, ID, Impact_Likely, Impacted_System, Incident_Disposition, Incident_Type, Individual_Name, Is_vulnerable?, Item_Number, Joe_Sandbox_Result, Jurisdiction, last_detection_time, Last_Modified, Lawful_Data_Processing_Categories, Location, Machine_Compromised, malware_file_path, malware_name, Members, Message_ID, Message_Size, Month, Morphick_Ticket#, Morphick_Update, Name, Negative_PR, Next_Due_Date, NIST_Attack_Vectors, number_of_infections, Organization, Other_Alert_Source, other_path, Outbound_Threat_Type, Owner, Personal_Email, Phase, PIPEDA_Other_Factors, PIPEDA_Other_Factors_Comment, PIPEDA_Overall_Assessment, PIPEDA_Overall_Assessment_Comment, PIPEDA_Probability_of_Misuse, PIPEDA_Probability_of_Misuse_Comment, PIPEDA_Sensitivity_of_PI, PIPEDA_Sensitivity_of_PI_Comment, Protocol, Recipient, ref_number, remediation_action, Remidiation_Source, Reporting_Individual, Resolution, Resolution_Summary, Risk_of_Harm, Sender, Sender_IP, Sensor_Name, Service_Now_Ticket#, Severity, Simulation, Source_IP, Source_of_Data, Source_Port, State, Status, Subject, Threat_Type, Time_Spent_in_BU_IT, Timestamp, triage_status, URL, URL_Blocked, url_path, User_Agent, varonis_additional_data, varonis_desc, varonis_from, varonis_id, varonis_what, varonis_when, varonis_where, varonis_who, Vendor, Workspace, xmatters_requestId, Zip
0SucceededNaNUnknownSCEPNaN0NaNLG0003NaNNaNAnnuity Information TechInvestigativeNaNNaNNaNNaNGFR-CVG-0104281.ga.afginc.com1.0NaNNaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/9/2019 14:038/29/2019 19:158/29/2019 23:148/29/2019 23:148/29/2019 23:13NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNSystem Center Endpoint Protection has detected...NaNNaNNaN8/29/2019 23:14InboundGAUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN7862UnknownNaNYesSuspicious Host ActivityNaNUnknownNaNNaNNaN8/29/2019 23:149/9/2019 14:03NaNNaNNoC:\Users\gbell\Downloads\This computer is BLOC...Trojan:HTML/FakeAlert.BNaNNaNNaNAugustNaNNaNConfiguration Manager Malware Detected Alert: ...UnknownNaNNaN1.0GAIGNaNNaNMalwareGene Kazimiarovich (gkazimiarovich@gaig.com)NoRespondNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNoActionNaNSCCM_2012_Alert@gaic.comResolvedHTML/FakeAlert. Fire quarantined on touching t...NaNNaNNaNNaNNaN4 - LowNoNaNNaNNaNNaNClosedNaNNaNNaNNaNNaNNaNNaNhttp://ventriculus.gq/story/index.phpNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
1NaNNaNUnknownProofpoint1.00NaNBG0057NaNNaNNational Interstate InsEventphishNaN8/29/2019 20:29NaNNaNNaN8/31/2019 6:20NaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/3/2019 8:158/31/2019 2:218/31/2019 2:218/31/2019 2:218/31/2019 2:21NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN<https://threatinsight.proofpoint.com/44844d21...NaNNaNNaNNaNNaNNaNUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaN7863UnknownNaNYesPhishingNaNUnknownNaNNaNNaNNaN9/3/2019 8:15NaNNaNNaNNaNNaNNaNNaNNaNAugustNaNNaN[Proofpoint Link] — [National Interstate Ins]UnknownNaNNaNNaNGAIGNaNNaNNaNNik Whitis (nwhitis@gaig.com)NoEngageNaNNaNNaNNaNNaNNaNNaNNaNNaNstephanie.ruggles@natl.comNaNNaNNaNtap-notifications@proofpoint.comResolvedThe true site behind the office doc appears to...NaNNaNNaN4 - LowNo70.62.202.3NaNNaNNaNClosedNaNNaNNaNNaNhxxps://onedrive[.]live[.]com/?authkey=%21AOKA...NaNNaNMozilla/5.0 (Windows NT 10.0; Win64; x64) App...NaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
2NaNNaNUnknownProofpoint1.00NaNBG0057NaNNaNNational Interstate InsInvestigativephishNaN8/29/2019 20:17NaNNaNNaN8/31/2019 6:20NaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/3/2019 8:168/31/2019 2:238/31/2019 2:238/31/2019 2:238/31/2019 2:23NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN<https://threatinsight.proofpoint.com/44844d21...NaNNaNNaNNaNNaNNaNUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaN7864UnknownNaNNoPhishingNaNUnknownNaNNaNNaNNaN9/3/2019 8:16NaNNaNNaNNaNNaNNaNNaNNaNAugustNaNNaN[Proofpoint Link] — [National Interstate Ins]UnknownNaNNaNNaNGAIGNaNNaNNaNNik Whitis (nwhitis@gaig.com)NoEngageNaNNaNNaNNaNNaNNaNNaNNaNNaNstephanie.ruggles@natl.comNaNNaNNaNtap-notifications@proofpoint.comDuplicateThe true site behind the office doc appears to...NaNNaNNaN4 - LowNo70.62.202.3NaNNaNNaNClosedNaNNaNNaNNaNhxxps://onedrive[.]live[.]com/?authkey=%21AOKA...NaNNaNMozilla/5.0 (Windows NT 10.0; Win64; x64) App...NaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
3NaNNaNUnknownProofpoint1.00NaNBG0057NaNNaNNational Interstate InsInvestigativephishNaN8/29/2019 20:17NaNNaNNaN8/31/2019 6:20NaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/3/2019 8:168/31/2019 2:238/31/2019 2:238/31/2019 2:238/31/2019 2:23NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN<https://threatinsight.proofpoint.com/44844d21...NaNNaNNaNNaNNaNNaNUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaN7865UnknownNaNNoPhishingNaNUnknownNaNNaNNaNNaN9/3/2019 8:16NaNNaNNaNNaNNaNNaNNaNNaNAugustNaNNaN[Proofpoint Link] — [National Interstate Ins]UnknownNaNNaNNaNGAIGNaNNaNNaNNik Whitis (nwhitis@gaig.com)NoEngageNaNNaNNaNNaNNaNNaNNaNNaNNaNstephanie.ruggles@natl.comNaNNaNNaNtap-notifications@proofpoint.comDuplicateThe true site behind the office doc appears to...NaNNaNNaN4 - LowNo70.62.202.3NaNNaNNaNClosedNaNNaNNaNNaNhxxps://onedrive[.]live[.]com/?authkey=%21AOKA...NaNNaNMozilla/5.0 (Windows NT 10.0; Win64; x64) App...NaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
4NaNNaNUnknownMorphick3.00NaNBG0020NaNNaNIT ServicesInvestigativeNaNNaNNaNNaNNaNNaNNaNNaNNaNResilient-Email Connector (irhubacct@rsystems....NoUnknownUnknownNaN9/5/2019 8:249/3/2019 13:199/3/2019 13:199/3/2019 13:199/3/2019 13:19NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNItem of Interest 3 - Moderate Investigation Su...NaNNaNNaNNaNInboundNaNNoNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN7877UnknownNaNNoSuspicious Network TrafficNaNUnknownNaNNaNNaNNaN9/9/2019 9:41NaNNaNNoNaNNaNNaNNaNNaNSeptemberCS0015758NaNBAH Item of Interest - Severity: 3 - Moderate ...UnknownNaNNaNNaNGAIGNaNNaNMalwarePaul Karklins (pkarklins@gaig.com)NoDetect/AnalyzeNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNMSG0144748NaNNaNcases@mts.bah.comNot an IssueConfirmed that this traffic was legitimate. S...NaNNaNNaNNaNNaN5 - InformationalNoNaNNaNNaNNaNClosedNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
5NaNNaNUnknownProofpoint1.00NaNBG0008NaNNaNCrop DivisionInvestigativephishNaN8/23/2019 19:46NaNNaNNaN9/4/2019 0:46NaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/4/2019 8:159/3/2019 20:479/3/2019 20:479/3/2019 20:479/3/2019 20:47NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN<https://threatinsight.proofpoint.com/769da03a...NaNNaNNaNNaNInboundNaNUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaN7878UnknownNaNNoPhishingNaNUnknownNaNNaNNaNNaN9/4/2019 8:16NaNNaNNoNaNNaNNaNNaNNaNSeptemberNaNNaN[Proofpoint Link] — [Crop Division]UnknownNaNNaNNaNGAIGNaNNaNMalwarePaul Karklins (pkarklins@gaig.com)NoEngageNaNNaNNaNNaNNaNNaNNaNNaNNaNcelias@gaic.comNaNNaNNaNtap-notifications@proofpoint.comNot an IssueThis was a false positive for phishing.NaNNaNNaN4 - LowNo208.65.192.1NaNNaNNaNClosedNaNNaNNaNNaNhxxps://u345601[.]ct[.]sendgrid[.]net/wf/click...NaNNaNMozilla/5.0 (Windows NT 10.0; Win64; x64) App...NaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
6NaNNaNUnknownProofpoint1.00NaNBG0008NaNNaNCrop DivisionInvestigativephishNaN8/23/2019 19:49NaNNaNNaN9/4/2019 0:46NaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/4/2019 8:139/3/2019 20:479/3/2019 20:479/3/2019 20:479/3/2019 20:47NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN<https://threatinsight.proofpoint.com/769da03a...NaNNaNNaNNaNInboundNaNUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaN7880UnknownNaNNoPhishingNaNUnknownNaNNaNNaNNaN9/4/2019 8:13NaNNaNNoNaNNaNNaNNaNNaNSeptemberNaNNaN[Proofpoint Link] — [Crop Division]UnknownNaNNaNNaNGAIGNaNNaNMalwarePaul Karklins (pkarklins@gaig.com)NoEngageNaNNaNNaNNaNNaNNaNNaNNaNNaNcelias@gaic.comNaNNaNNaNtap-notifications@proofpoint.comNot an IssueThis was a false positive for phishing.NaNNaNNaN4 - LowNo208.65.192.1NaNNaNNaNClosedNaNNaNNaNNaNhxxps://u345601[.]ct[.]sendgrid[.]net/wf/click...NaNNaNMozilla/5.0 (Windows NT 10.0; Win64; x64) App...NaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
7NaNNaNUnknownPhishMe1.00NaNBG0019NaNNaNAFG Internal AuditInvestigativeNaNNaNNaNNaNNaNNaNNaNNaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/4/2019 13:479/4/2019 9:549/4/2019 9:549/4/2019 9:549/4/2019 9:54NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNIncident Response team, We have completed an i...NaNNaNNaNNaNNaNNaNUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN7882UnknownNaNNoNaNNaNUnknownNaNNaNNaNNaN9/4/2019 13:50NaNNaNNaNNaNNaNNaNNaNNaNSeptemberNaNNaN[Triage] Completed Investigation unavailable [...UnknownNaNNaNNaNGAIGNaNNaNNaNPaul Karklins (pkarklins@gaig.com)NoRespondNaNNaNNaNNaNNaNNaNNaNNaNNaNPhishingNotice@gaig.comNaNNaNNaNPhishingNotice@gaig.comResolvedInvestigated by Interns. Determined that no fu...NaNNaNNaNNaNNaN4 - LowNoNaNNaNNaNNaNClosedNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
8NaNNaNUnknownPhishMe1.00NaNBG0051NaNNaNSummitInvestigativeNaNNaNNaNNaNNaNNaNNaNNaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/4/2019 13:529/4/2019 9:549/4/2019 9:549/4/2019 9:549/4/2019 9:54NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNIncident Response team, We have completed an i...NaNNaNNaNNaNNaNNaNUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN7883UnknownNaNNoNaNNaNUnknownNaNNaNNaNNaN9/4/2019 13:53NaNNaNNaNNaNNaNNaNNaNNaNSeptemberNaNNaN[Triage] Completed Investigation unavailable [...UnknownNaNNaNNaNGAIGNaNNaNNaNPaul Karklins (pkarklins@gaig.com)NoRespondNaNNaNNaNNaNNaNNaNNaNNaNNaNPhishingNotice@gaig.comNaNNaNNaNPhishingNotice@gaig.comResolvedInvestigated by Interns. Determined that no fu...NaNNaNNaNNaNNaN4 - LowNoNaNNaNNaNNaNClosedNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
9NaNNaNUnknownPhishMe1.00NaNLG0003NaNNaNAnnuity Information TechInvestigativeNaNNaNNaNNaNNaNNaNNaNNaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/4/2019 13:549/4/2019 9:569/4/2019 9:569/4/2019 9:569/4/2019 9:56NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNIncident Response team, We have completed an i...NaNNaNNaNNaNNaNNaNUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN7884UnknownNaNNoNaNNaNUnknownNaNNaNNaNNaN9/4/2019 13:54NaNNaNNaNNaNNaNNaNNaNNaNSeptemberNaNNaN[Triage] Completed Investigation unavailable [...UnknownNaNNaNNaNGAIGNaNNaNNaNPaul Karklins (pkarklins@gaig.com)NoRespondNaNNaNNaNNaNNaNNaNNaNNaNNaNPhishingNotice@gaig.comNaNNaNNaNPhishingNotice@gaig.comResolvedInvestigated by Interns. Determined that no fu...NaNNaNNaNNaNNaN4 - LowNoNaNNaNNaNNaNClosedNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN

Last rows

Columns: the same 169 columns, in the same order, as listed under First rows; each row again begins with its row index and NaN marks an empty cell.
78NaNNaNUnknownProofpoint1.00NaNBG0033NaNNaNStrategic CompEventmalwareNaN9/25/2019 19:47NaNNaNNaN9/25/2019 19:53NaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/26/2019 11:029/25/2019 15:549/25/2019 15:549/25/2019 15:549/25/2019 15:53NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN<https://threatinsight.proofpoint.com/769da03a...NaNNaNNaNNaNNaNNaNUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaN8057UnknownNaNYesMalwareNaNUnknownNaNNaNNaNNaN9/26/2019 11:02NaNNaNNaNNaNNaNNaNNaNNaNSeptemberNaNNaN[Proofpoint Link] — [Strategic Comp]UnknownNaNNaNNaNGAIGNaNNaNNaNNik Whitis (nwhitis@gaig.com)NoRespondNaNNaNNaNNaNNaNNaNNaNNaNNaNbbulls@strategiccomp.comNaNNaNNaNtap-notifications@proofpoint.comResolvedBarbara informed me that a former colleague of...NaNNaNNaN4 - LowNo208.65.192.1NaNNaNNaNClosedNaNNaNNaNNaNhxxp://yasamkurusatis[.]com/wp-content/uploads...NaNNaNMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7...NaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
79SucceededNaNUnknownSCEPNaN0NaNBG0033NaNNaNStrategic CompEventNaNNaNNaNNaNSCICITRIXF.ga.afginc.com1.0NaNNaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/26/2019 11:049/25/2019 16:349/25/2019 20:329/25/2019 20:329/25/2019 20:32NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNSystem Center Endpoint Protection has detected...NaNNaNNaN9/25/2019 20:32NaNGAUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN8059UnknownNaNYesMalwareNaNUnknownNaNNaNNaN9/25/2019 20:329/26/2019 11:04NaNNaNNaNNaNBehavior:Win32/Meterpreter.gen!ANaNNaNNaNSeptemberNaNNaNConfiguration Manager Malware Detected Alert: ...UnknownNaNNaN1.0GAIGNaNNaNNaNNik Whitis (nwhitis@gaig.com)NoRespondNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNQuarantineNaNSCCM_2012_Alert@gaic.comDuplicateMalware turned out to be a Qbot variant that s...NaNNaNNaNNaNNaN5 - InformationalNoNaNNaNNaNNaNClosedNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN
80SucceededNaNUnknownSCEPNaN0NaNBG0033NaNNaNStrategic CompEventNaNNaNNaNNaNSCICITRIXF.ga.afginc.com1.0NaNNaNNaNResilient Admin (resilient_automation@gaig.com)NoUnknownUnknownNaN9/26/2019 11:049/25/2019 16:419/25/2019 20:349/25/2019 20:349/25/2019 20:34NaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNSystem Center Endpoint Protection has detected...NaNNaNNaN9/25/2019 20:34NaNGAUnknownNaNUnknownUnknownNaNUnknownUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNUnknownNoUnknownNaNNaNNaNNaNNaNNaNNaNNaNNaNNaN8060UnknownNaNYesMalwareNaNUnknownNaNNaNNaN9/25/2019 20:349/26/2019 11:04NaNNaNNaNC:\Users\bbulls\AppData\Local\Temp\4f05.dllTrojan:Win32/Swrort.ANaNNaNNaNSeptemberNaNNaNConfiguration Manager Malware Detected Alert: ...UnknownNaNNaN1.0GAIGNaNNaNNaNNik Whitis (nwhitis@gaig.com)NoRespondNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNQuarantineNaNSCCM_2012_Alert@gaic.comDuplicateMalware turned out to be a Qbot variant that s...NaNNaNNaNNaNNaN5 - InformationalNoNaNNaNNaNNaNClosedNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNNaNDefault workspaceNaNNaN